DETAILED ACTION

1. This action is responsive to communication: filed on 24 August 2007 with recognition of
an original application filed 12 September 2002, with acknowledgement of continuing data from 
a 3 1 7 of PCT/US00/27352 filed 4 October 2000, with a provisional application filed
5 October 1999.

2. Applicant's election with traverse, Group I (Claims 16-30). The traversal is on the 
grounds that the Office has not shown: proof of a serious burden, since the claims 70-75 have 
been previously examined. This is not found persuasive because the Examiner finds the 
restriction is proper for multiple reasons: one, previously, claims 16-30 would be allowable if
Applicant amended the claims as suggested by the Examiner; claims 70-75 are not allowable. In
addition, as indicated by 37 CFR 1.142, the Examiner holds the right to restrict at any time before
final. Since the prosecution is re-opened, the Examiner finds restriction is proper. Furthermore 
restriction is proper because the references used to reject the two groups of independent claims 
are different as evidenced by the Final Office Action mailed 27 October 2006. Claims 16-30 are 
directed to secure communications with mobile node using a registration request as well as home 
and foreign domains. Claims 70-75 are directed to secure communications security associations 
between an initiator and a responder that includes one or more proposals. While both are 
directed to secure communications Group I is directed to mobile nodes using a home and foreign 
domain. Group II is directed to an initiator and a responder which using the broadest reasonable 
interpretation could be mobile or stationary. Group II only uses two parties to communicate an 
initiator and a responder, whereas Group I has three parties i.e. the mobile node, the foreign 
domain, and the home domain. In addition Group II is directed to security associations with 
multiple proposals whereas Group I is silent to security associations and does not contain
multiple proposals. 

The requirement is still deemed proper and is therefore made FINAL. 

3. Claims 16-30 and 70-75, are pending in this application. Claims 16-30 are elected. 
Claim 16 is an independent claim.

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

5. Claims 16-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over Inoue U.S. 
Patent No. 6,167,513 (hereinafter '513) in further view of RFC 1827 IP Encapsulating Security 
Payload (ESP) (hereinafter RFC 1827). 

As to independent claim 16, "A method of providing secure communication between a
mobile node and a home domain using a foreign domain, comprising:" is taught in '513
col. 4, lines 50-67 "According to one aspect of the present invention there is provided a mobile 
computer for carrying out communications while moving within a communication system in 
which a plurality of networks are inter-connected, said plurality of networks including one 
network at which a packet processing device is provided, said packet processing device having 
a function for applying an encryption and authentication processing to a packet transmitted by a 
computer inside said one network toward another computer outside said one network . . . and a
communication unit for carrying out a prescribed communication processing including an 
encryption and authentication processing of a packet to be transmitted from said mobile 
computer, according to recognition results obtained by the first recognition unit and the second 
recognition unit", note encrypting communication between a mobile node through a plurality of 
networks is interpreted to be equivalent to secure communications between a mobile node, 
home domain, and a foreign domain; 

"transmitting a registration request from the mobile node to the home domain" is
shown in '513 col. 16, lines 24-35 "In the mobile IP scheme, when the mobile computer moves
to a new visiting site, it is necessary for this mobile computer to send a registration message 
containing an information on a current location to the home agent which manages this mobile 
computer"; 

"the home domain receiving and processing the registration request to generate a
registration reply" is disclosed in '513 col. 18, lines 44-62 "As this point, the gateway 4b 
transfers this registration message as a packet in the encryption/link authentication format of 
FIG. 4D destined to the next hop gateway 4a. Then, this registration message arrives at the 
home agent 5a via the Internet 6 and the gateway 4a. Also, at the network 1b, for example, a
setting is made in the management table of the gateway 4b so that a packet transferred from the 
Internet 6 side which is destined to this mobile computer 2 will be transferred to the home agent 
5a. By means of this setting, a packet destined to the mobile computer 2 that is transferred from 
the Internet 6 to the home network 1a of the mobile computer 2 will be given to the home agent
5a once, and further transferred to a visiting site of the mobile computer 2 from there. 
At this point, the home agent 5a carries out the processing for encapsulating an IP packet
destined to the original address (address in the home network 1a) of the mobile computer 2
within a packet in the mobile IP format destined to a current location address of the mobile 
computer 2, as described above"; 

"comprising one or more encryption keys for encrypting messages communicated
between and among the mobile node home, home domain, and foreign domain" is taught in 
'513 col. 19, lines 25-32 "When the above described registration processing is completed (that 
is, a case in which the permission response is received by the exchange of the key 
information"; 

"and transmitting the registration reply from the home domain to the foreign
domain and the mobile node" is shown in '513 col. 18, line 65 through col. 19, line 25 "Now, 
when the registration message is received, the home agent 5a transmits the registration response 
message in the IP format having the home agent 5a as a source and the mobile computer 2 as a 
destination, with respect to the mobile computer 2"; 

the following is not explicitly taught in '513: "the request comprising an identity of a user of 
the mobile node in encrypted form and network routing information in non-encrypted 
form" however RFC 1827 teaches "ESP consists of an unencrypted header followed by 
encrypted data. The encrypted data includes both the protected ESP header fields and the 
protected user data" in Section 3 on page 4, note encrypting user data is interpreted equivalent to 
user identity in encrypted form. In addition the unencrypted header is interpreted to be 
equivalent to the network routing information in non-encrypted form. 
It would have been obvious to one of ordinary skill in the art at the time of the invention
to modify the teachings of '513 a mobile communication scheme using encryption and 
authentication to include a means that utilizes RFC 1825-1829 schemes to protect data 
exchanged. One in the art would have been motivated to perform such a modification because 
as indicated by '513 there is a need to guard against the leakage of secret information (see '513 
col. 1, line 51 through col. 12) "For example, there is a problem as to how to prevent the 
leakage of the secret information of the organization to the external network, and there is also a
problem as to how to protect resources and information connected to the domestic network. 
The Internet was developed originally for the academic purpose so that the primary concern was 
the free data and service exchanges by the network connections and the above described 
problem of security has not been accounted for. However, in recent years, many corporations 
and organizations are connecting to the Internet so that there is a need for a mechanism to guard
the own network in view of the above described problem of security. To this end, there is a 
known scheme for use at a time of exchanging a data packet on the Internet, in which the 
content of the data packet is to be encrypted and an authentication code is to be attached before 
the transmission of the data packet to the external, and the authentication code is to be
verified and the data packet is to be decrypted at a received site. For example, the IETF (which 
is the standardizing organization for the Internet) specifies the encryption and authentication
code attaching scheme for IP packets as the IP security standard (see, IETF RFC 1825-1829). 
According to this scheme, even when an outside user picks up the data packet on the external
network, the leakage of data content can be prevented because the data content is encrypted, and
therefore the secure communication can be realized".

As to dependent claim 17, "wherein transmitting a registration request from the 
mobile node to the home domain comprises: transmitting the registration request from the 
mobile node to the foreign domain, and transmitting the registration request from the 
foreign domain to the home domain" is taught in '513 col. 18, lines 23-48. 

As to dependent 18, "wherein transmitting the registration request from the foreign 
domain to the home domain comprises establishing a secure communications pathway 
between the foreign domain and the home domain" is shown in '513 col. 18, lines 25-48, note 
the encryption link authentication is interpreted to be equivalent to the secure communication 
pathway. 

As to dependent 19, "wherein transmitting the registration request from the foreign 
domain to the home domain comprises establishing a secure communications pathway 
between the foreign domain and the mobile node" is disclosed in '513 col. 18, lines 44-62. 

As to dependent 20, "wherein transmitting the registration request from the foreign 
domain to the home domain comprises establishing a secure communications pathway 
between the home domain and the mobile node" is taught in '513 col. 18, lines 44-62. 

As to dependent 21, "wherein processing the registration request from the mobile 
node within the home domain comprises decrypting the encrypted form of the identity of 
the user" however RFC 1827 teaches that the sending userid and destination address are used to 
locate the correct Security Association for encryption on pages 6 and 7 in the ESP in
Tunnel-mode and ESP in Transport mode, obviously the home domain performs decryption and
determines the sending userid when the registration request message is decrypted. 

As to dependent 22, "wherein generating a registration reply comprises encrypting
at least one of the encryption keys" is taught in '513 col. 18, line 65 through col. 19, line 24 
and '513 col. 12, lines 20-40, note the registration reply is sent in encryption/end-to-end 
authentication format and includes a key encrypted by a master key. 

As to dependent 23, "wherein generating a registration reply comprises encrypting
the encryption keys for encrypting messages to be communicated between the mobile node
and the home domain, and between the mobile node and the foreign domain" is taught in
'513 col. 18, line 65 through col. 19, line 24 and '513 col. 12, lines 20-40. 

As to dependent 24, "further comprising: decrypting one or more of the encrypted
encryption keys" is taught in '513 col. 18, line 65 through col. 19, line 24 and '513 col. 12, 
lines 20-40. 

As to dependent 25, "wherein generating the registration reply comprises:
generating a first encryption key for encrypting messages to be communicated between the 
mobile node and the home domain, generating a second encryption key for encrypting 
messages to be communicated between the foreign domain and the home domain, and 
generating a third encryption key for encrypting messages to be communicated between 
the foreign domain and the mobile node" is disclosed in '513 col. 18, line 65 through col. 19, 
line 24 and '513 col. 12, lines 20-40.

As to dependent 26, "wherein generating the registration reply comprises 
encrypting at least one of the first and third encryption keys" is taught in '513 col. 12,
lines 21-64 and col. 18, line 66 through col. 19, line 24, note the encryption/end-to-end
authentication format is utilized in the registration reply, this format contains the encryption keys 
to be used between gateways. 

As to dependent 27, "further comprising: decrypting at least one of the encrypted 
first and third encryption keys" is taught in '513 col. 12, lines 21-64 and col. 18, line 66 
through col. 19, line 24, note the encryption/end-to-end authentication format is utilized in the 
registration reply, this format contains the encryption keys to be used between gateways. 

As to dependent 28, "wherein the registration reply includes encryption keys that 
are encrypted and encryption keys that are not encrypted" is taught in '513 col. 12, 
lines 21-64 and col. 18, line 66 through col. 19, line 24, note the encryption/end-to-end 
authentication format is utilized in the registration reply, this format contains the encryption keys 
to be used between gateways. 

As to dependent 29, "further including: extracting one or more of the encryption 
keys that are not encrypted from the registration reply" is taught in '513 col. 12, 
lines 21-64 and col. 18, line 66 through col. 19, line 24, note the encryption/end-to-end 
authentication format is utilized in the registration reply, this format contains the encryption keys 
to be used between gateways. 

As to dependent 30, "further including: extracting and decrypting one or more of 
the encryption keys that are encrypted from the registration reply" is taught in '513 col. 12, 
lines 21-64 and col. 18, line 66 through col. 19, line 24, note the encryption/end-to-end 
authentication format is utilized in the registration reply, this format contains the encryption keys 
to be used between gateways. 
Conclusion

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 7:30 am to 4:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the
organization where this application or proceeding is assigned is (571) 273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Ellen Tran 
Patent Examiner 
Technology Center 2134
29 October 2007 



